pkg://cipe-1.4.5-20mdk.src.rpm:123301/cipe-1.4.5.tar.gz

cipe-1.4.5/README

   CIPE - encrypted IP over UDP tunneling
   Copyright 1996-2000 Olaf Titz <olaf@bigred.inka.de>

   Version 1.4

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License
   as published by the Free Software Foundation; either version
   2 of the License, or (at your option) any later version.

Documentation for this package is in the file "cipe.info", to be read
with Emacs or the "info" program.

The newest version of CIPE is available on
    http://sites.inka.de/~bigred/devel/cipe.html
In case you want a hardcopy printout of the manual, you can also get
the Texinfo source for the manual there.

$Id: README,v 1.9 2000/08/21 11:29:56 olaf Exp $

cipe-1.4.5/README.key-bug

Incompatibility of keys to older CIPE versions
==============================================

Versions of CIPE before 1.4.0 have a bug in the way the `key' option is
interpreted. It is supposed to be a 128-bit hexadecimal number.
However, earlier versions interpret the digits `a' through `f' as equal
to `1' through `6'. This reduces the effective key space from 16^32 (32
hex digits) to 10^32 (32 decimal digits), or 109 bits. Worse, it
introduces bias in the distribution of bit patterns in the effective
key.

This bug needed to be fixed as soon as it was found. Unfortunately the
fix means that old and new versions of `ciped' will read the same key
parameter differently, in other words: keys are not compatible between
1.4.0 and older when they contain any non-decimal digits.

The solution to make them work again is either to upgrade both ends at
once (recommended), or generate new keys which consist only of decimal
digits. A possible method to generate such a key is
     (ps aux|md5sum; ps alx|md5sum) | tr -cd 0-9

Alternatively, the 1.4 or newer package can be given the option
`--enable-bug-compatible' to `configure' to use the old broken key
parser.
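
The two readings of the `key' option described above, as an added example
in C (not CIPE source code). The function names, the byte packing (two
digits per byte, high nibble first) and the sample keys are assumptions made
for illustration. It reports whether a key string gives the same key under
both readings and shows two different strings collapsing to one key under
the old one.

```c
/* Added example modelling the behaviour README.key-bug describes.
 * Not taken from ciped; names and sample keys are constructed here. */
#include <stdio.h>
#include <string.h>

#define KEY_HEX_DIGITS 32                 /* 128-bit key as 32 hex digits */
#define KEY_BYTES (KEY_HEX_DIGITS / 2)

/* Correct reading: 'a'..'f' (either case) mean 10..15. -1 if not hex. */
static int nibble_fixed(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Pre-1.4.0 reading as the README states it: 'a'..'f' count as 1..6. */
static int nibble_buggy(char c)
{
    int v = nibble_fixed(c);
    return (v >= 10) ? v - 9 : v;
}

/* Parse a 32-digit key with either reading (assumed packing: high nibble
 * first). Returns 0 on success, -1 on wrong length or a non-hex character. */
int parse_key(const char *hex, unsigned char out[KEY_BYTES], int buggy)
{
    size_t i;

    if (strlen(hex) != KEY_HEX_DIGITS)
        return -1;
    for (i = 0; i < KEY_BYTES; i++) {
        int hi = buggy ? nibble_buggy(hex[2 * i]) : nibble_fixed(hex[2 * i]);
        int lo = buggy ? nibble_buggy(hex[2 * i + 1])
                       : nibble_fixed(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/* 1 if both readings give the same key bytes (safe to use across versions),
 * 0 if they differ, -1 if the string is not a valid 32-digit key. */
int key_is_compatible(const char *hex)
{
    unsigned char fixed[KEY_BYTES], old[KEY_BYTES];

    if (parse_key(hex, fixed, 0) || parse_key(hex, old, 1))
        return -1;
    return memcmp(fixed, old, KEY_BYTES) == 0;
}

/* 1 if two key strings become the same key under the old reading. */
int keys_collide_buggy(const char *k1, const char *k2)
{
    unsigned char a[KEY_BYTES], b[KEY_BYTES];

    if (parse_key(k1, a, 1) || parse_key(k2, b, 1))
        return -1;
    return memcmp(a, b, KEY_BYTES) == 0;
}

/* Count how many of the 16 hex digits land on each nibble value under the
 * old reading: the uneven counts are the bias the README mentions. */
void buggy_histogram(int hist[16])
{
    const char *digits = "0123456789abcdef";
    int i;

    memset(hist, 0, 16 * sizeof hist[0]);
    for (i = 0; i < 16; i++)
        hist[nibble_buggy(digits[i])]++;
}

int main(void)
{
    /* Constructed sample keys, not real secrets. */
    const char *mixed   = "0123456789abcdef0123456789abcdef";
    const char *decimal = "01234567891234560123456789123456";
    int hist[16], v;

    printf("mixed key same on old/new:   %d\n", key_is_compatible(mixed));
    printf("decimal key same on old/new: %d\n", key_is_compatible(decimal));
    printf("mixed/decimal collide (old): %d\n",
           keys_collide_buggy(mixed, decimal));
    buggy_histogram(hist);
    for (v = 0; v < 16; v++)
        printf("nibble %2d reachable from %d hex digit(s)\n", v, hist[v]);
    return 0;
}
```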

cipe-1.4.5/CHANGES

        User visible changes of this version since 1.3:

- IMPORTANT: A necessary bugfix in ciped causes keys to be incompatible
  with earlier versions unless special precautions are followed.
  See README.key-bug for details.
- C version of Blowfish available.
- Runs under Linux 2.3.x, at least with x>=48.
- Option files have to be given as absolute paths.
  More strict permission checking on these files.

     	User visible changes of this version since 1.2:

- Build uses an autoconf script. Poking around in the Makefile is
  unnecessary now. Installing: ./configure; make.
  Options are set on the command line of ./configure.
  configure script looks for kernel headers in default location.
- Compilation happens in separate object directory, it is possible to
  have different configurations (e.g. IDEA/Blowfish) at once in
  different object directories.
- ciped has been renamed to ciped-XY, with XY as in cipXY.o.
- ip-up, ip-down get passed the configuration parameters in environment.
- Options to send internal keepalive pings and timeout on them.

	User visible changes of this version since 1.0:

- Runs under Linux 2.1.x, at least with x>=109, and 2.2.x.
- Device names have changed: protocol version is now a letter. 1=a,
  2=b etc., so cip3b->cipcb.
- Channels are allocated and deallocated dynamically. This enables the
  default for cipe_maxdev to be set to 100.
  (Compilation option NO_DYNDEV to remove this feature.)
- Statistics are logged upon close and then cleared. The log is simply
  one line from /proc/net/dev.
- ciped waits for completion of ip-up before daemonizing.
- New configuration option for using key exchange timestamps.

cipe-1.4.5/COPYING

		    GNU GENERAL PUBLIC LICENSE
		       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
                          675 Mass Ave, Cambridge, MA 02139, USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

			    Preamble

  The licenses for most software are designed to take away your
freedom to share and change it.  By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users.  This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it.  (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.)  You can apply it to
your programs, too.

  When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.

  To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.

  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have.  You must make sure that they, too, receive or can get the
source code.  And you must show them these terms so they know their
rights.

  We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.

  Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software.  If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.

  Finally, any free program is threatened constantly by software
patents.  We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary.  To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.

  The precise terms and conditions for copying, distribution and
modification follow.

		    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License.  The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language.  (Hereinafter, translation is included without limitation in
the term "modification".)  Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope.  The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.

  1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.

You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.

  2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:

    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.

    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.

    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole.  If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works.  But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

  3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code.  (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for
making modifications to it.  For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable.  However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

  4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License.  Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.

  5. You are not required to accept this License, since you have not
signed it.  However, nothing else grants you permission to modify or
distribute the Program or its derivative works.  These actions are
prohibited by law if you do not accept this License.  Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

  6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions.  You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.

  7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License.  If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all.  For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.

It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices.  Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

  8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded.  In such case, this License incorporates
the limitation as if written in the body of this License.

  9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time.  Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number.  If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation.  If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

  10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission.  For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this.  Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

			    NO WARRANTY

  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

		     END OF TERMS AND CONDITIONS

	Appendix: How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) 19yy  <name of author>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:

    Gnomovision version 69, Copyright (C) 19yy name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License.  Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary.  Here is a sample; alter the names:

  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.

  <signature of Ty Coon>, 1 April 1989
  Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs.  If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library.  If this is what you want to do, use the GNU Library General
Public License instead of this License.

cipe-1.4.5/cipe.lsm

Begin4
Title:		cipe
Version:	1.4.5
Entered-date:	2000-11-21
Description:	A network device that does encrypted IP-in-UDP tunneling.
		Useful for building virtual private networks, etc.
                The package consists of a kernel module and driver program.
Keywords:	encryption, routing, tunnel, VPN
Author: 	olaf@bigred.inka.de (Olaf Titz)
Primary-site:	sites.inka.de /W1011/sw
                103k cipe-1.4.5.tar.gz
Copying-policy:	GPL
End

cipe-1.4.5/configure

#! /bin/sh

# From configure.in Id: configure.in













# Guess values for system-dependent variables and create Makefiles.
# Generated automatically using autoconf version 2.13 
# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.

# Defaults:
ac_help=
ac_default_prefix=/usr/local
# Any additions from configure.in:
ac_help="$ac_help
  --with-linux=PATH       Path to Linux source tree"
ac_help="$ac_help
  --with-linux-include=PATH
                          Path to Linux include tree"
ac_help="$ac_help
  --enable-protocol=n     Use protocol n (should remain at 3)"
ac_help="$ac_help
  --enable-idea           Use the IDEA cipher (default is Blowfish)"
ac_help="$ac_help
  --disable-debug         Disable debugging code in kernel module"
ac_help="$ac_help
  --disable-dyndev        Disable dynamic device allocation"
ac_help="$ac_help
  --enable-logfacility=x  Set syslog facility for ciped"
ac_help="$ac_help
  --enable-bug-compatible Use old, broken interpretation of keys"
ac_help="$ac_help
  --disable-asm           Disable use of assembler code"
ac_help="$ac_help
  --enable-name=n         Set build directory name suffix"

# Initialize some variables set by options.
# The variables have the same names as the options, with
# dashes changed to underlines.
build=NONE
cache_file=./config.cache
exec_prefix=NONE
host=NONE
no_create=
nonopt=NONE
no_recursion=
prefix=NONE
program_prefix=NONE
program_suffix=NONE
program_transform_name=s,x,x,
silent=
site=
srcdir=
target=NONE
verbose=
x_includes=NONE
x_libraries=NONE
bindir='${exec_prefix}/bin'
sbindir='${exec_prefix}/sbin'
libexecdir='${exec_prefix}/libexec'
datadir='${prefix}/share'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
libdir='${exec_prefix}/lib'
includedir='${prefix}/include'
oldincludedir='/usr/include'
infodir='${prefix}/info'
mandir='${prefix}/man'

# Initialize some other variables.
subdirs=
MFLAGS= MAKEFLAGS=
SHELL=${CONFIG_SHELL-/bin/sh}
# Maximum number of lines to put in a shell here document.
ac_max_here_lines=12

ac_prev=
for ac_option
do

  # If the previous option needs an argument, assign it.
  if test -n "$ac_prev"; then
    eval "$ac_prev=\$ac_option"
    ac_prev=
    continue
  fi

  case "$ac_option" in
  -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
  *) ac_optarg= ;;
  esac

  # Accept the important Cygnus configure options, so we can diagnose typos.

  case "$ac_option" in

  -bindir | --bindir | --bindi | --bind | --bin | --bi)
    ac_prev=bindir ;;
  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
    bindir="$ac_optarg" ;;

  -build | --build | --buil | --bui | --bu)
    ac_prev=build ;;
  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
    build="$ac_optarg" ;;

  -cache-file | --cache-file | --cache-fil | --cache-fi \
  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
    ac_prev=cache_file ;;
  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
    cache_file="$ac_optarg" ;;

  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
    ac_prev=datadir ;;
  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
  | --da=*)
    datadir="$ac_optarg" ;;

  -disable-* | --disable-*)
    ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
    fi
    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
    eval "enable_${ac_feature}=no" ;;

  -enable-* | --enable-*)
    ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
    fi
    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
    case "$ac_option" in
      *=*) ;;
      *) ac_optarg=yes ;;
    esac
    eval "enable_${ac_feature}='$ac_optarg'" ;;

  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
  | --exec | --exe | --ex)
    ac_prev=exec_prefix ;;
  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
  | --exec=* | --exe=* | --ex=*)
    exec_prefix="$ac_optarg" ;;

  -gas | --gas | --ga | --g)
    # Obsolete; use --with-gas.
    with_gas=yes ;;

  -help | --help | --hel | --he)
    # Omit some internal or obsolete options to make the list less imposing.
    # This message is too long to be a string in the A/UX 3.1 sh.
    cat << EOF
Usage: configure [options] [host]
Options: [defaults in brackets after descriptions]
Configuration:
  --cache-file=FILE       cache test results in FILE
  --help                  print this message
  --no-create             do not create output files
  --quiet, --silent       do not print \`checking...' messages
  --version               print the version of autoconf that created configure
Directory and file names:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [$ac_default_prefix]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [same as prefix]
  --bindir=DIR            user executables in DIR [EPREFIX/bin]
  --sbindir=DIR           system admin executables in DIR [EPREFIX/sbin]
  --libexecdir=DIR        program executables in DIR [EPREFIX/libexec]
  --datadir=DIR           read-only architecture-independent data in DIR
                          [PREFIX/share]
  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data in DIR
                          [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data in DIR [PREFIX/var]
  --libdir=DIR            object code libraries in DIR [EPREFIX/lib]
  --includedir=DIR        C header files in DIR [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc in DIR [/usr/include]
  --infodir=DIR           info documentation in DIR [PREFIX/info]
  --mandir=DIR            man documentation in DIR [PREFIX/man]
  --srcdir=DIR            find the sources in DIR [configure dir or ..]
  --program-prefix=PREFIX prepend PREFIX to installed program names
  --program-suffix=SUFFIX append SUFFIX to installed program names
  --program-transform-name=PROGRAM
                          run sed PROGRAM on installed program names
EOF
    cat << EOF
Host type:
  --build=BUILD           configure for building on BUILD [BUILD=HOST]
  --host=HOST             configure for HOST [guessed]
  --target=TARGET         configure for TARGET [TARGET=HOST]
Features and packages:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --x-includes=DIR        X include files are in DIR
  --x-libraries=DIR       X library files are in DIR
EOF
    if test -n "$ac_help"; then
      echo "--enable and --with options recognized:$ac_help"
    fi
    exit 0 ;;

  -host | --host | --hos | --ho)
    ac_prev=host ;;
  -host=* | --host=* | --hos=* | --ho=*)
    host="$ac_optarg" ;;

  -includedir | --includedir | --includedi | --included | --include \
  | --includ | --inclu | --incl | --inc)
    ac_prev=includedir ;;
  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
  | --includ=* | --inclu=* | --incl=* | --inc=*)
    includedir="$ac_optarg" ;;

  -infodir | --infodir | --infodi | --infod | --info | --inf)
    ac_prev=infodir ;;
  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
    infodir="$ac_optarg" ;;

  -libdir | --libdir | --libdi | --libd)
    ac_prev=libdir ;;
  -libdir=* | --libdir=* | --libdi=* | --libd=*)
    libdir="$ac_optarg" ;;

  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
  | --libexe | --libex | --libe)
    ac_prev=libexecdir ;;
  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
  | --libexe=* | --libex=* | --libe=*)
    libexecdir="$ac_optarg" ;;

  -localstatedir | --localstatedir | --localstatedi | --localstated \
  | --localstate | --localstat | --localsta | --localst \
  | --locals | --local | --loca | --loc | --lo)
    ac_prev=localstatedir ;;
  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
    localstatedir="$ac_optarg" ;;

  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
    ac_prev=mandir ;;
  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
    mandir="$ac_optarg" ;;

  -nfp | --nfp | --nf)
    # Obsolete; use --without-fp.
    with_fp=no ;;

  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
  | --no-cr | --no-c)
    no_create=yes ;;

  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
    no_recursion=yes ;;

  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
  | --oldin | --oldi | --old | --ol | --o)
    ac_prev=oldincludedir ;;
  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
    oldincludedir="$ac_optarg" ;;

  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
    ac_prev=prefix ;;
  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
    prefix="$ac_optarg" ;;

  -program-prefix | --program-prefix | --program-prefi | --program-pref \
  | --program-pre | --program-pr | --program-p)
    ac_prev=program_prefix ;;
  -program-prefix=* | --program-prefix=* | --program-prefi=* \
  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
    program_prefix="$ac_optarg" ;;

  -program-suffix | --program-suffix | --program-suffi | --program-suff \
  | --program-suf | --program-su | --program-s)
    ac_prev=program_suffix ;;
  -program-suffix=* | --program-suffix=* | --program-suffi=* \
  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
    program_suffix="$ac_optarg" ;;

  -program-transform-name | --program-transform-name \
  | --program-transform-nam | --program-transform-na \
  | --program-transform-n | --program-transform- \
  | --program-transform | --program-transfor \
  | --program-transfo | --program-transf \
  | --program-trans | --program-tran \
  | --program-tra | --program-tr | --program-t)
    ac_prev=program_transform_name ;;
  -program-transform-name=* | --program-transform-name=* \
  | --program-transform-nam=* | --program-transform-na=* \
  | --program-transform-n=* | --program-transform-=* \
  | --program-transform=* | --program-transfor=* \
  | --program-transfo=* | --program-transf=* \
  | --program-trans=* | --program-tran=* \
  | --program-tra=* | --program-tr=* | --program-t=*)
    program_transform_name="$ac_optarg" ;;

  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
  | -silent | --silent | --silen | --sile | --sil)
    silent=yes ;;

  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
    ac_prev=sbindir ;;
  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
  | --sbi=* | --sb=*)
    sbindir="$ac_optarg" ;;

  -sharedstatedir | --sharedstatedir | --sharedstatedi \
  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
  | --sharedst | --shareds | --shared | --share | --shar \
  | --sha | --sh)
    ac_prev=sharedstatedir ;;
  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
  | --sha=* | --sh=*)
    sharedstatedir="$ac_optarg" ;;

  -site | --site | --sit)
    ac_prev=site ;;
  -site=* | --site=* | --sit=*)
    site="$ac_optarg" ;;

  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
    ac_prev=srcdir ;;
  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
    srcdir="$ac_optarg" ;;

  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
  | --syscon | --sysco | --sysc | --sys | --sy)
    ac_prev=sysconfdir ;;
  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
    sysconfdir="$ac_optarg" ;;

  -target | --target | --targe | --targ | --tar | --ta | --t)
    ac_prev=target ;;
  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
    target="$ac_optarg" ;;

  -v | -verbose | --verbose | --verbos | --verbo | --verb)
    verbose=yes ;;

  -version | --version | --versio | --versi | --vers)
    echo "configure generated by autoconf version 2.13"
    exit 0 ;;

  -with-* | --with-*)
    ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
    fi
    ac_package=`echo $ac_package| sed 's/-/_/g'`
    case "$ac_option" in
      *=*) ;;
      *) ac_optarg=yes ;;
    esac
    eval "with_${ac_package}='$ac_optarg'" ;;

  -without-* | --without-*)
    ac_package=`echo $ac_option|sed -e 's/-*without-//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
    fi
    ac_package=`echo $ac_package| sed 's/-/_/g'`
    eval "with_${ac_package}=no" ;;

  --x)
    # Obsolete; use --with-x.
    with_x=yes ;;

  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
  | --x-incl | --x-inc | --x-in | --x-i)
    ac_prev=x_includes ;;
  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
    x_includes="$ac_optarg" ;;

  -x-libraries | --x-libraries | --x-librarie | --x-librari \
  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
    ac_prev=x_libraries ;;
  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
    x_libraries="$ac_optarg" ;;

  -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
    ;;

  *)
    if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
      echo "configure: warning: $ac_option: invalid host type" 1>&2
    fi
    if test "x$nonopt" != xNONE; then
      { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
    fi
    nonopt="$ac_option"
    ;;

  esac
done

if test -n "$ac_prev"; then
  { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
fi

trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15

# File descriptor usage:
# 0 standard input
# 1 file creation
# 2 errors and warnings
# 3 some systems may open it to /dev/tty
# 4 used on the Kubota Titan
# 6 checking for... messages and results
# 5 compiler messages saved in config.log
if test "$silent" = yes; then
  exec 6>/dev/null
else
  exec 6>&1
fi
exec 5>./config.log

echo "\
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
" 1>&5

# Strip out --no-create and --no-recursion so they do not pile up.
# Also quote any args containing shell metacharacters.
ac_configure_args=
for ac_arg
do
  case "$ac_arg" in
  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
  | --no-cr | --no-c) ;;
  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
  ac_configure_args="$ac_configure_args '$ac_arg'" ;;
  *) ac_configure_args="$ac_configure_args $ac_arg" ;;
  esac
done

# NLS nuisances.
# Only set these to C if already set.  These must not be set unconditionally
# because not all systems understand e.g. LANG=C (notably SCO).
# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
# Non-C LC_CTYPE values break the ctype check.
if test "${LANG+set}"   = set; then LANG=C;   export LANG;   fi
if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
if test "${LC_CTYPE+set}"    = set; then LC_CTYPE=C;    export LC_CTYPE;    fi

# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -rf conftest* confdefs.h
# AIX cpp loses on an empty file, so make sure it contains at least a newline.
echo > confdefs.h

# A filename unique to this package, relative to the directory that
# configure is in, which we can look for to find out if srcdir is correct.
ac_unique_file=./ciped.c

# Find the source files, if location was not specified.
if test -z "$srcdir"; then
  ac_srcdir_defaulted=yes
  # Try the directory containing this script, then its parent.
  ac_prog=$0
  ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
  test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
  srcdir=$ac_confdir
  if test ! -r $srcdir/$ac_unique_file; then
    srcdir=..
  fi
else
  ac_srcdir_defaulted=no
fi
if test ! -r $srcdir/$ac_unique_file; then
  if test "$ac_srcdir_defaulted" = yes; then
    { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
  else
    { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
  fi
fi
srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`

# Prefer explicitly selected file to automatically selected ones.
if test -z "$CONFIG_SITE"; then
  if test "x$prefix" != xNONE; then
    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
  else
    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
  fi
fi
for ac_site_file in $CONFIG_SITE; do
  if test -r "$ac_site_file"; then
    echo "loading site script $ac_site_file"
    . "$ac_site_file"
  fi
done

if test -r "$cache_file"; then
  echo "loading cache $cache_file"
  . $cache_file
else
  echo "creating cache $cache_file"
  > $cache_file
fi

ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
ac_cpp='$CPP $CPPFLAGS'
ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
cross_compiling=$ac_cv_prog_cc_cross

ac_exeext=
ac_objext=o
if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
    ac_n= ac_c='
' ac_t='	'
  else
    ac_n=-n ac_c= ac_t=
  fi
else
  ac_n= ac_c='\c' ac_t=
fi




VERSION=1.4.5

SRC=. 
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:568: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
  ac_dummy="$PATH"
  for ac_dir in $ac_dummy; do
    test -z "$ac_dir" && ac_dir=.
    if test -f $ac_dir/$ac_word; then
      ac_cv_prog_CC="gcc"
      break
    fi
  done
  IFS="$ac_save_ifs"
fi
fi
CC="$ac_cv_prog_CC"
if test -n "$CC"; then
  echo "$ac_t""$CC" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

if test -z "$CC"; then
  # Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:598: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
  ac_prog_rejected=no
  ac_dummy="$PATH"
  for ac_dir in $ac_dummy; do
    test -z "$ac_dir" && ac_dir=.
    if test -f $ac_dir/$ac_word; then
      if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
        ac_prog_rejected=yes
	continue
      fi
      ac_cv_prog_CC="cc"
      break
    fi
  done
  IFS="$ac_save_ifs"
if test $ac_prog_rejected = yes; then
  # We found a bogon in the path, so make sure we never use it.
  set dummy $ac_cv_prog_CC
  shift
  if test $# -gt 0; then
    # We chose a different compiler from the bogus one.
    # However, it has the same basename, so the bogon will be chosen
    # first if we set CC to just the basename; use the full file name.
    shift
    set dummy "$ac_dir/$ac_word" "$@"
    shift
    ac_cv_prog_CC="$@"
  fi
fi
fi
fi
CC="$ac_cv_prog_CC"
if test -n "$CC"; then
  echo "$ac_t""$CC" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

  if test -z "$CC"; then
    case "`uname -s`" in
    *win32* | *WIN32*)
      # Extract the first word of "cl", so it can be a program name with args.
set dummy cl; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:649: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$CC"; then
  ac_cv_prog_CC="$CC" # Let the user override the test.
else
  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
  ac_dummy="$PATH"
  for ac_dir in $ac_dummy; do
    test -z "$ac_dir" && ac_dir=.
    if test -f $ac_dir/$ac_word; then
      ac_cv_prog_CC="cl"
      break
    fi
  done
  IFS="$ac_save_ifs"
fi
fi
CC="$ac_cv_prog_CC"
if test -n "$CC"; then
  echo "$ac_t""$CC" 1>&6
else
  echo "$ac_t""no" 1>&6
fi
 ;;
    esac
  fi
  test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
fi

echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
echo "configure:681: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5

ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
ac_cpp='$CPP $CPPFLAGS'
ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
cross_compiling=$ac_cv_prog_cc_cross

cat > conftest.$ac_ext << EOF

#line 692 "configure"
#include "confdefs.h"

main(){return(0);}
EOF
if { (eval echo configure:697: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
  ac_cv_prog_cc_works=yes
  # If we can't run a trivial program, we are probably using a cross compiler.
  if (./conftest; exit) 2>/dev/null; then
    ac_cv_prog_cc_cross=no
  else
    ac_cv_prog_cc_cross=yes
  fi
else
  echo "configure: failed program was:" >&5
  cat conftest.$ac_ext >&5
  ac_cv_prog_cc_works=no
fi
rm -fr conftest*
ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
ac_cpp='$CPP $CPPFLAGS'
ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
cross_compiling=$ac_cv_prog_cc_cross

echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
if test $ac_cv_prog_cc_works = no; then
  { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
fi
echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
echo "configure:723: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
cross_compiling=$ac_cv_prog_cc_cross

echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
echo "configure:728: checking whether we are using GNU C" >&5
if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  cat > conftest.c <<EOF
#ifdef __GNUC__
  yes;
#endif
EOF
if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:737: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
  ac_cv_prog_gcc=yes
else
  ac_cv_prog_gcc=no
fi
fi

echo "$ac_t""$ac_cv_prog_gcc" 1>&6

if test $ac_cv_prog_gcc = yes; then
  GCC=yes
else
  GCC=
fi

ac_test_CFLAGS="${CFLAGS+set}"
ac_save_CFLAGS="$CFLAGS"
CFLAGS=
echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
echo "configure:756: checking whether ${CC-cc} accepts -g" >&5
if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  echo 'void f(){}' > conftest.c
if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
  ac_cv_prog_cc_g=yes
else
  ac_cv_prog_cc_g=no
fi
rm -f conftest*

fi

echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
if test "$ac_test_CFLAGS" = set; then
  CFLAGS="$ac_save_CFLAGS"
elif test $ac_cv_prog_cc_g = yes; then
  if test "$GCC" = yes; then
    CFLAGS="-g -O2"
  else
    CFLAGS="-g"
  fi
else
  if test "$GCC" = yes; then
    CFLAGS="-O2"
  else
    CFLAGS=
  fi
fi

test "$GCC" || { echo "configure: error: You would not have much luck compiling kernel code with non-gcc..." 1>&2; exit 1; }
echo $ac_n "checking whether gcc needs -fno-strict-aliasing""... $ac_c" 1>&6
echo "configure:789: checking whether gcc needs -fno-strict-aliasing" >&5
ax_stack=`expr 0$ax_stack + 1`
eval CFLAGS_AX_$ax_stack=\"$CFLAGS\"
eval CPPFLAGS_AX_$ax_stack=\"$CPPFLAGS\"
eval LDFLAGS_AX_$ax_stack=\"$LDFLAGS\"
eval LIBS_AX_$ax_stack=\"$LIBS\"

CFLAGS="-fno-strict-aliasing $CFLAGS"
cat > conftest.$ac_ext <<EOF
#line 798 "configure"
#include "confdefs.h"

int main() {
return;
; return 0; }
EOF
if { (eval echo configure:805: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
  rm -rf conftest*
  
  echo "$ac_t""yes" 1>&6

else
  echo "configure: failed program was:" >&5
  cat conftest.$ac_ext >&5
  rm -rf conftest*
  
  echo "$ac_t""no" 1>&6
  eval CFLAGS=\"\${CFLAGS_AX_$ax_stack}\"
eval CPPFLAGS=\"\${CPPFLAGS_AX_$ax_stack}\"
eval LDFLAGS=\"\${LDFLAGS_AX_$ax_stack}\"
eval LIBS=\"\${LIBS_AX_$ax_stack}\"
ax_stack=`expr 0$ax_stack - 1`


fi
rm -f conftest*

echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
echo "configure:827: checking how to run the C preprocessor" >&5
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
  CPP=
fi
if test -z "$CPP"; then
if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
    # This must be in double quotes, not single quotes, because CPP may get
  # substituted into the Makefile and "${CC-cc}" will confuse make.
  CPP="${CC-cc} -E"
  # On the NeXT, cc -E runs the code through the compiler's parser,
  # not just through cpp.
  cat > conftest.$ac_ext <<EOF
#line 842 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:848: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
  :
else
  echo "$ac_err" >&5
  echo "configure: failed program was:" >&5
  cat conftest.$ac_ext >&5
  rm -rf conftest*
  CPP="${CC-cc} -E -traditional-cpp"
  cat > conftest.$ac_ext <<EOF
#line 859 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:865: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
  :
else
  echo "$ac_err" >&5
  echo "configure: failed program was:" >&5
  cat conftest.$ac_ext >&5
  rm -rf conftest*
  CPP="${CC-cc} -nologo -E"
  cat > conftest.$ac_ext <<EOF
#line 876 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:882: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
  :
else
  echo "$ac_err" >&5
  echo "configure: failed program was:" >&5
  cat conftest.$ac_ext >&5
  rm -rf conftest*
  CPP=/lib/cpp
fi
rm -f conftest*
fi
rm -f conftest*
fi
rm -f conftest*
  ac_cv_prog_CPP="$CPP"
fi
  CPP="$ac_cv_prog_CPP"
else
  ac_cv_prog_CPP="$CPP"
fi
echo "$ac_t""$CPP" 1>&6

for ac_prog in texinfo tex
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:911: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_TEXINFO'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$TEXINFO"; then
  ac_cv_prog_TEXINFO="$TEXINFO" # Let the user override the test.
else
  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
  ac_dummy="$PATH"
  for ac_dir in $ac_dummy; do
    test -z "$ac_dir" && ac_dir=.
    if test -f $ac_dir/$ac_word; then
      ac_cv_prog_TEXINFO="$ac_prog"
      break
    fi
  done
  IFS="$ac_save_ifs"
fi
fi
TEXINFO="$ac_cv_prog_TEXINFO"
if test -n "$TEXINFO"; then
  echo "$ac_t""$TEXINFO" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

test -n "$TEXINFO" && break
done
test -n "$TEXINFO" || TEXINFO=":"

for ac_prog in makeinfo
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:946: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$MAKEINFO"; then
  ac_cv_prog_MAKEINFO="$MAKEINFO" # Let the user override the test.
else
  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
  ac_dummy="$PATH"
  for ac_dir in $ac_dummy; do
    test -z "$ac_dir" && ac_dir=.
    if test -f $ac_dir/$ac_word; then
      ac_cv_prog_MAKEINFO="$ac_prog"
      break
    fi
  done
  IFS="$ac_save_ifs"
fi
fi
MAKEINFO="$ac_cv_prog_MAKEINFO"
if test -n "$MAKEINFO"; then
  echo "$ac_t""$MAKEINFO" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

test -n "$MAKEINFO" && break
done
test -n "$MAKEINFO" || MAKEINFO=":"


CFLAGS="-Wall -Wstrict-prototypes -fomit-frame-pointer -fno-strength-reduce $CFLAGS"
     KCPPFLAGS="$CPPFLAGS"
       KCFLAGS="-O3 -funroll-loops $CFLAGS"
         KDEFS="-D__KERNEL__ -DMODULE $DEFS"
      KLDFLAGS="-r -S"
     UCPPFLAGS="$CPPFLAGS"
       UCFLAGS="-O3 -fno-inline-functions $CFLAGS"
         UDEFS="$DEFS"
      ULDFLAGS="$LDFLAGS"
         ULIBS="$LIBS"


echo $ac_n "checking for kernel include tree""... $ac_c" 1>&6
echo "configure:990: checking for kernel include tree" >&5

# Check whether --with-linux or --without-linux was given.
if test "${with_linux+set}" = set; then
  withval="$with_linux"
  KSRC=$withval
fi


# Check whether --with-linux-include or --without-linux-include was given.
if test "${with_linux_include+set}" = set; then
  withval="$with_linux_include"
  KINC=$withval
fi

if ! test "$KSRC$KINC" ; then
  KSRC=/usr/src/linux
fi
if test -z "$KINC" -o ! -d "$KINC" ; then
  if test -d "$KSRC" -a -f $KSRC/include/linux/autoconf.h ; then
    KINC=$KSRC/include
  fi
fi
if test -z "$KSRC" -o ! -d "$KSRC" ; then
  if test -f $KINC/include/linux/autoconf.h; then
    KINC=$KINC/include
  elif test -f $KINC/linux/autoconf.h; then
    KSRC=;
  fi
fi
if ! test -f $KINC/linux/version.h ; then
  { echo "configure: error: no suitable configured kernel include tree found" 1>&2; exit 1; }
fi
if test -x /bin/pwd ; then
  test "$KSRC" && KSRC=`cd $KSRC; /bin/pwd`
  KINC=`cd $KINC; /bin/pwd`
fi
echo "$ac_t""$KINC" 1>&6

echo $ac_n "checking for architecture""... $ac_c" 1>&6
echo "configure:1029: checking for architecture" >&5
ARCH=`uname -m | sed -e 's/i.86/i386/;s/sun4u/sparc64/;s/arm.*/arm/;s/sa110/arm/'`
echo "$ac_t""$ARCH" 1>&6


oldcppflags="$CPPFLAGS"
CPPFLAGS="-I$KINC $CPPFLAGS"


echo $ac_n "checking for kernel version""... $ac_c" 1>&6
echo "configure:1039: checking for kernel version" >&5
cat > conftest.$ac_ext <<EOF
#line 1041 "configure"
#include "confdefs.h"
#include <linux/version.h>
UTS_RELEASE
EOF
(eval "$ac_cpp conftest.$ac_ext") 2>&5 |\
 sed -n -e 's/^"\(.*\)".*$/\1/p' >conftest
set "X" "`cat conftest`"
ax_result=$2
rm -f conftest*

KVERS=$ax_result
echo "$ac_t""$KVERS" 1>&6
case "$KVERS" in
2.[01234].*) ;;
*) { echo "configure: error: Unsupported kernel version" 1>&2; exit 1; }
esac
kcomp=
if test -f $KINC/linux/compile.h; then
  cat > conftest.$ac_ext <<EOF
#line 1061 "configure"
#include "confdefs.h"
#include <linux/compile.h>
LINUX_COMPILER
EOF
(eval "$ac_cpp conftest.$ac_ext") 2>&5 |\
 sed -n -e 's/^"\(.*\)".*$/\1/p' >conftest
set "X" "`cat conftest`"
ax_result=$2
rm -f conftest*

  kcomp=$ax_result
fi
if test -z "$kcomp" ; then
  echo "configure: warning: could not find kernel compiler version" 1>&2
else
  tcomp=`$CC -v 2>&1 | tail -1`
  if ! test "$kcomp" = "$tcomp" ; then
    echo "configure: warning: Compiler version mismatch - try using $kcomp" 1>&2
  fi
fi

echo $ac_n "checking for SMP""... $ac_c" 1>&6
echo "configure:1084: checking for SMP" >&5
smp=0
case "$KVERS" in
2.[01].*)
    if egrep "^ *SMP *= *1" $KSRC/Makefile >/dev/null 2>&1; then
  smp=1
fi

  ;;
*)
  cat > conftest.$ac_ext <<EOF
#line 1095 "configure"
#include "confdefs.h"

	#include <linux/autoconf.h>
	#ifdef CONFIG_SMP
	 yes
	#endif
  
EOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  egrep "yes" >/dev/null 2>&1; then
  rm -rf conftest*
  smp=1
fi
rm -f conftest*

  ;;
esac
test "$smp" = 1 && cat >> confdefs.h <<\EOF
#define __SMP__ 1
EOF

x=no
test "x$smp" = "x1" && x=yes
echo "$ac_t""$x" 1>&6

echo $ac_n "checking for versioned symbols""... $ac_c" 1>&6
echo "configure:1122: checking for versioned symbols" >&5
mv=0
cat > conftest.$ac_ext <<EOF
#line 1125 "configure"
#include "confdefs.h"

	#include <linux/autoconf.h>
	#ifdef CONFIG_MODVERSIONS
	 yes
	#endif

EOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
  egrep "yes" >/dev/null 2>&1; then
  rm -rf conftest*
  mv=1
fi
rm -f conftest*

x=no
test "x$mv" = "x1" && x=yes
echo "$ac_t""$x" 1>&6
test "$mv" = 1 && cat >> confdefs.h <<\EOF
#define MODVERSIONS 1
EOF




# Check whether --enable-protocol or --disable-protocol was given.
if test "${enable_protocol+set}" = set; then
  enableval="$enable_protocol"
  VERS=$enableval
else
  VERS=3
fi

test "$VERS" -lt 3 && echo "configure: warning: Protocols less than 3 are deprecated" 1>&2
verl=`expr substr abcdef $VERS 1`

# Check whether --enable-idea or --disable-idea was given.
if test "${enable_idea+set}" = set; then
  enableval="$enable_idea"
  CRYPTO=IDEA;crypt=i
else
  CRYPTO=Blowfish;crypt=b
fi


MODULE=cip$verl$crypt.o

CIPED=ciped-$verl$crypt
# Check whether --enable-debug or --disable-debug was given.
if test "${enable_debug+set}" = set; then
  enableval="$enable_debug"
  # Start from the default so an explicit --enable-debug does not leave $e unset.
  e=1
  test "$enableval" = "no" && e=0
else
  e=1
fi

test "$e" = "1" && cat >> confdefs.h <<\EOF
#define DEBUG 1
EOF

# Check whether --enable-dyndev or --disable-dyndev was given.
if test "${enable_dyndev+set}" = set; then
  enableval="$enable_dyndev"
  # Start from the default so $e is not inherited from the --enable-debug check.
  e=1
  test "$enableval" = "no" && e=0
else
  e=1
fi

test "$e" = "0" && cat >> confdefs.h <<\EOF
#define NO_DYNDEV 1
EOF

# Check whether --enable-logfacility or --disable-logfacility was given.
if test "${enable_logfacility+set}" = set; then
  enableval="$enable_logfacility"
  
  f=`echo "$enableval" | sed 's,^log_,,i' | tr a-z A-Z`
  cat >> confdefs.h <<EOF
#define LOGFAC LOG_$f
EOF


else
  cat >> confdefs.h <<\EOF
#define LOGFAC LOG_DAEMON
EOF

fi

cat >> confdefs.h <<EOF
#define ProtocolVersion $VERS
EOF

cat >> confdefs.h <<EOF
#define VERSION "$VERSION"
EOF

# Check whether --enable-bug-compatible or --disable-bug-compatible was given.
if test "${enable_bug_compatible+set}" = set; then
  enableval="$enable_bug_compatible"
  test "$enableval" = "no" || cat >> confdefs.h <<\EOF
#define BUG_COMPATIBLE 1
EOF

fi





ASMOBJS=
CCOBJS=
# Check whether --enable-asm or --disable-asm was given.
if test "${enable_asm+set}" = set; then
  enableval="$enable_asm"
  # Start from the default so $e is not inherited from the --enable-dyndev check.
  e=1
  test "$enableval" = "no" && e=0
else
  e=1
fi

echo $ac_n "checking for assembler parts""... $ac_c" 1>&6
echo "configure:1247: checking for assembler parts" >&5
case "$CRYPTO" in
  Blowfish) cat >> confdefs.h <<\EOF
#define Crypto_Blowfish 1
EOF

  if test $e -eq 1 -a -f $SRC/bf-$ARCH.S; then
    cat >> confdefs.h <<\EOF
#define ASM_BF_Crypt 1
EOF

    ASMOBJS=bf-$ARCH.o
  fi
  CCOBJS=bf.o
  ;;
  IDEA) cat >> confdefs.h <<\EOF
#define Crypto_IDEA 1
EOF

    if test $e -eq 1 -a -f $SRC/idea-$ARCH.S; then
    cat >> confdefs.h <<\EOF
#define ASM_Idea_Crypt 1
EOF

    ASMOBJS=idea-$ARCH.o
  else
    CCOBJS=idea0.o
  fi ;;
esac
if test "$ASMOBJS" ; then echo "$ac_t""$ASMOBJS" 1>&6 ; else echo "$ac_t""none" 1>&6 ; fi


case "$VERS" in
1|2) CRCOBJS=crc.o ; CRC32OBJS=crc32.o ;;
*)   CRCOBJS=crc32.o ; CRC32OBJS= ;;
esac

for ac_func in mlock mlockall
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:1287: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  cat > conftest.$ac_ext <<EOF
#line 1292 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
    which can conflict with char $ac_func(); below.  */
#include <assert.h>
/* Override any gcc2 internal prototype to avoid an error.  */
/* We use char because int might match the return type of a gcc2
    builtin and then its argument prototype would still apply.  */
char $ac_func();

int main() {

/* The GNU C library defines this for functions which it implements
    to always fail with ENOSYS.  Some functions are actually named
    something starting with __ and the normal name is an alias.  */
#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
choke me
#else
$ac_func();
#endif

; return 0; }
EOF
if { (eval echo configure:1315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
  rm -rf conftest*
  eval "ac_cv_func_$ac_func=yes"
else
  echo "configure: failed program was:" >&5
  cat conftest.$ac_ext >&5
  rm -rf conftest*
  eval "ac_cv_func_$ac_func=no"
fi
rm -f conftest*
fi

if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
  echo "$ac_t""yes" 1>&6
    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
  cat >> confdefs.h <<EOF
#define $ac_tr_func 1
EOF
 
else
  echo "$ac_t""no" 1>&6
fi
done


CPPFLAGS="$oldcppflags"
KCPPFLAGS="-I. -I../$SRC -I$KINC -include ./config.h $KCPPFLAGS"
UCPPFLAGS="-I. -I../$SRC -I$KINC -include ./config.h $UCPPFLAGS"

name=""
# Check whether --enable-name or --disable-name was given.
if test "${enable_name+set}" = set; then
  enableval="$enable_name"
  name="-$enableval"
fi



if test "$smp" = "1"; then
  BUILD=$KVERS-$ARCH-SMP-$verl$crypt$name
else
  BUILD=$KVERS-$ARCH-$verl$crypt$name
fi
trap '' 1 2 15
cat > confcache <<\EOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
# scripts and configure runs.  It is not useful on other systems.
# If it contains results you don't want to keep, you may remove or edit it.
#
# By default, configure uses ./config.cache as the cache file,
# creating it if it does not exist already.  You can give configure
# the --cache-file=FILE option to use a different cache file; that is
# what configure does when it calls configure scripts in
# subdirectories, so they share the cache.
# Giving --cache-file=/dev/null disables caching, for debugging configure.
# config.status only pays attention to the cache file if you give it the
# --recheck option to rerun configure.
#
EOF
# The following way of writing the cache mishandles newlines in values,
# but we know of no workaround that is simple, portable, and efficient.
# So, don't put newlines in cache variables' values.
# Ultrix sh set writes to stderr and can't be redirected directly,
# and sets the high bit in the cache file unless we assign to the vars.
(set) 2>&1 |
  case `(ac_space=' '; set | grep ac_space) 2>&1` in
  *ac_space=\ *)
    # `set' does not quote correctly, so add quotes (double-quote substitution
    # turns \\\\ into \\, and sed turns \\ into \).
    sed -n \
      -e "s/'/'\\\\''/g" \
      -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
    ;;
  *)
    # `set' quotes correctly as required by POSIX, so do not add quotes.
    sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
    ;;
  esac >> confcache
if cmp -s $cache_file confcache; then
  :
else
  if test -w $cache_file; then
    echo "updating cache $cache_file"
    cat confcache > $cache_file
  else
    echo "not updating unwritable cache $cache_file"
  fi
fi
rm -f confcache

trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15

test "x$prefix" = xNONE && prefix=$ac_default_prefix
# Let make expand exec_prefix.
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'

# Any assignment to VPATH causes Sun make to only execute
# the first set of double-colon rules, so remove it if not needed.
# If there is a colon in the path, we need to keep it.
if test "x$srcdir" = x.; then
  ac_vpsub='/^[ 	]*VPATH[ 	]*=[^:]*$/d'
fi

trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15

DEFS=-DHAVE_CONFIG_H

# Without the "./", some shells look in PATH for config.status.
: ${CONFIG_STATUS=./config.status}

echo creating $CONFIG_STATUS
rm -f $CONFIG_STATUS
cat > $CONFIG_STATUS <<EOF
#! /bin/sh
# Generated automatically by configure.
# Run this file to recreate the current configuration.
# This directory was configured as follows,
# on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
#
# $0 $ac_configure_args
#
# Compiler output produced by configure, useful for debugging
# configure, is in ./config.log if it exists.

ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]"
for ac_option
do
  case "\$ac_option" in
  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
    echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
    exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
  -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
    echo "$CONFIG_STATUS generated by autoconf version 2.13"
    exit 0 ;;
  -help | --help | --hel | --he | --h)
    echo "\$ac_cs_usage"; exit 0 ;;
  *) echo "\$ac_cs_usage"; exit 1 ;;
  esac
done

ac_given_srcdir=$srcdir

trap 'rm -fr `echo "Makefile:conf/Makefile-top.in $BUILD/Makefile:conf/Makefile-obj.in $BUILD/config.h:conf/config.h.in" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
EOF
cat >> $CONFIG_STATUS <<EOF

# Protect against being on the right side of a sed subst in config.status.
sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g;
 s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
$ac_vpsub
$extrasub
s%@SHELL@%$SHELL%g
s%@CFLAGS@%$CFLAGS%g
s%@CPPFLAGS@%$CPPFLAGS%g
s%@CXXFLAGS@%$CXXFLAGS%g
s%@FFLAGS@%$FFLAGS%g
s%@DEFS@%$DEFS%g
s%@LDFLAGS@%$LDFLAGS%g
s%@LIBS@%$LIBS%g
s%@exec_prefix@%$exec_prefix%g
s%@prefix@%$prefix%g
s%@program_transform_name@%$program_transform_name%g
s%@bindir@%$bindir%g
s%@sbindir@%$sbindir%g
s%@libexecdir@%$libexecdir%g
s%@datadir@%$datadir%g
s%@sysconfdir@%$sysconfdir%g
s%@sharedstatedir@%$sharedstatedir%g
s%@localstatedir@%$localstatedir%g
s%@libdir@%$libdir%g
s%@includedir@%$includedir%g
s%@oldincludedir@%$oldincludedir%g
s%@infodir@%$infodir%g
s%@mandir@%$mandir%g
s%@VERSION@%$VERSION%g
s%@SRC@%$SRC%g
s%@CC@%$CC%g
s%@CPP@%$CPP%g
s%@TEXINFO@%$TEXINFO%g
s%@MAKEINFO@%$MAKEINFO%g
s%@KCPPFLAGS@%$KCPPFLAGS%g
s%@KCFLAGS@%$KCFLAGS%g
s%@KDEFS@%$KDEFS%g
s%@KLDFLAGS@%$KLDFLAGS%g
s%@UCPPFLAGS@%$UCPPFLAGS%g
s%@UCFLAGS@%$UCFLAGS%g
s%@UDEFS@%$UDEFS%g
s%@ULDFLAGS@%$ULDFLAGS%g
s%@ULIBS@%$ULIBS%g
s%@KSRC@%$KSRC%g
s%@KINC@%$KINC%g
s%@KVERS@%$KVERS%g
s%@VERS@%$VERS%g
s%@CRYPTO@%$CRYPTO%g
s%@MODULE@%$MODULE%g
s%@CIPED@%$CIPED%g
s%@ASMOBJS@%$ASMOBJS%g
s%@CCOBJS@%$CCOBJS%g
s%@CRCOBJS@%$CRCOBJS%g
s%@CRC32OBJS@%$CRC32OBJS%g
s%@BUILD@%$BUILD%g

CEOF
EOF

cat >> $CONFIG_STATUS <<\EOF

# Split the substitutions into bite-sized pieces for seds with
# small command number limits, like on Digital OSF/1 and HP-UX.
ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script.
ac_file=1 # Number of current file.
ac_beg=1 # First line for current file.
ac_end=$ac_max_sed_cmds # Line after last line for current file.
ac_more_lines=:
ac_sed_cmds=""
while $ac_more_lines; do
  if test $ac_beg -gt 1; then
    sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file
  else
    sed "${ac_end}q" conftest.subs > conftest.s$ac_file
  fi
  if test ! -s conftest.s$ac_file; then
    ac_more_lines=false
    rm -f conftest.s$ac_file
  else
    if test -z "$ac_sed_cmds"; then
      ac_sed_cmds="sed -f conftest.s$ac_file"
    else
      ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file"
    fi
    ac_file=`expr $ac_file + 1`
    ac_beg=$ac_end
    ac_end=`expr $ac_end + $ac_max_sed_cmds`
  fi
done
if test -z "$ac_sed_cmds"; then
  ac_sed_cmds=cat
fi
EOF

cat >> $CONFIG_STATUS <<EOF

CONFIG_FILES=\${CONFIG_FILES-"Makefile:conf/Makefile-top.in $BUILD/Makefile:conf/Makefile-obj.in"}
EOF
cat >> $CONFIG_STATUS <<\EOF
for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
  case "$ac_file" in
  *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
       ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
  *) ac_file_in="${ac_file}.in" ;;
  esac

  # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.

  # Remove last slash and all that follows it.  Not all systems have dirname.
  ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
  if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
    # The file is in a subdirectory.
    test ! -d "$ac_dir" && mkdir "$ac_dir"
    ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`"
    # A "../" for each directory in $ac_dir_suffix.
    ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'`
  else
    ac_dir_suffix= ac_dots=
  fi

  case "$ac_given_srcdir" in
  .)  srcdir=.
      if test -z "$ac_dots"; then top_srcdir=.
      else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;;
  /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;;
  *) # Relative path.
    srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix"
    top_srcdir="$ac_dots$ac_given_srcdir" ;;
  esac


  echo creating "$ac_file"
  rm -f "$ac_file"
  configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure."
  case "$ac_file" in
  *Makefile*) ac_comsub="1i\\
# $configure_input" ;;
  *) ac_comsub= ;;
  esac

  ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
  sed -e "$ac_comsub
s%@configure_input@%$configure_input%g
s%@srcdir@%$srcdir%g
s%@top_srcdir@%$top_srcdir%g
" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file
fi; done
rm -f conftest.s*

# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
# NAME is the cpp macro being defined and VALUE is the value it is being given.
#
# ac_d sets the value in "#define NAME VALUE" lines.
ac_dA='s%^\([ 	]*\)#\([ 	]*define[ 	][ 	]*\)'
ac_dB='\([ 	][ 	]*\)[^ 	]*%\1#\2'
ac_dC='\3'
ac_dD='%g'
# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE".
ac_uA='s%^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
ac_uB='\([ 	]\)%\1#\2define\3'
ac_uC=' '
ac_uD='\4%g'
# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
ac_eA='s%^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
ac_eB='$%\1#\2define\3'
ac_eC=' '
ac_eD='%g'

if test "${CONFIG_HEADERS+set}" != set; then
EOF
cat >> $CONFIG_STATUS <<EOF
  CONFIG_HEADERS="$BUILD/config.h:conf/config.h.in"
EOF
cat >> $CONFIG_STATUS <<\EOF
fi
for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then
  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
  case "$ac_file" in
  *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
       ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
  *) ac_file_in="${ac_file}.in" ;;
  esac

  echo creating $ac_file

  rm -f conftest.frag conftest.in conftest.out
  ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
  cat $ac_file_inputs > conftest.in

EOF

# Transform confdefs.h into a sed script conftest.vals that substitutes
# the proper values into config.h.in to produce config.h.  And first:
# Protect against being on the right side of a sed subst in config.status.
# Protect against being in an unquoted here document in config.status.
rm -f conftest.vals
cat > conftest.hdr <<\EOF
s/[\\&%]/\\&/g
s%[\\$`]%\\&%g
s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp
s%ac_d%ac_u%gp
s%ac_u%ac_e%gp
EOF
sed -n -f conftest.hdr confdefs.h > conftest.vals
rm -f conftest.hdr

# This sed command replaces #undef with comments.  This is necessary, for
# example, in the case of _POSIX_SOURCE, which is predefined and required
# on some systems where configure will not decide to define it.
cat >> conftest.vals <<\EOF
s%^[ 	]*#[ 	]*undef[ 	][ 	]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */%
EOF

# Break up conftest.vals because some shells have a limit on
# the size of here documents, and old seds have small limits too.

rm -f conftest.tail
while :
do
  ac_lines=`grep -c . conftest.vals`
  # grep -c gives empty output for an empty file on some AIX systems.
  if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi
  # Write a limited-size here document to conftest.frag.
  echo '  cat > conftest.frag <<CEOF' >> $CONFIG_STATUS
  sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS
  echo 'CEOF
  sed -f conftest.frag conftest.in > conftest.out
  rm -f conftest.in
  mv conftest.out conftest.in
' >> $CONFIG_STATUS
  sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail
  rm -f conftest.vals
  mv conftest.tail conftest.vals
done
rm -f conftest.vals

cat >> $CONFIG_STATUS <<\EOF
  rm -f conftest.frag conftest.h
  echo "/* $ac_file.  Generated automatically by configure.  */" > conftest.h
  cat conftest.in >> conftest.h
  rm -f conftest.in
  if cmp -s $ac_file conftest.h 2>/dev/null; then
    echo "$ac_file is unchanged"
    rm -f conftest.h
  else
    # Remove last slash and all that follows it.  Not all systems have dirname.
      ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
      if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
      # The file is in a subdirectory.
      test ! -d "$ac_dir" && mkdir "$ac_dir"
    fi
    rm -f $ac_file
    mv conftest.h $ac_file
  fi
fi; done

EOF
cat >> $CONFIG_STATUS <<EOF

EOF
cat >> $CONFIG_STATUS <<\EOF

exit 0
EOF
chmod +x $CONFIG_STATUS
rm -fr confdefs* $ac_clean_files
test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1

cipe-1.4.5/configure.in
#   Autoconf script for CIPE, -*-fundamental-*-
#
#   Copyright 1999 Olaf Titz <olaf@bigred.inka.de>
#
#   This program is free software; you can redistribute it and/or
#   modify it under the terms of the GNU General Public License
#   as published by the Free Software Foundation; either version
#   2 of the License, or (at your option) any later version.
#
AC_REVISION($Id: configure.in,v 1.20.2.5 2000/11/21 20:39:50 olaf Exp $)
dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_PREREQ(2.13)
AC_INIT(./ciped.c)
AC_CONFIG_HEADER($BUILD/config.h:conf/config.h.in)
dnl $BUILD is set below - this works for autoconf 2.13, somewhat undocumented
AC_SUBST(VERSION)
VERSION=1.4.5
AC_SUBST(SRC)
SRC=. dnl will be moved later

AC_PROG_CC
test "$GCC" || AC_ERROR(You would not have much luck compiling kernel code with non-gcc...)
dnl On the side of caution: the kernel headers contain inline funcs and
dnl we dont know for sure if they are alias-safe
AC_MSG_CHECKING(whether gcc needs -fno-strict-aliasing)
AX_PUSH
CFLAGS="-fno-strict-aliasing $CFLAGS"
AC_TRY_COMPILE([], [return;], [
  AC_MSG_RESULT(yes)
], [
  AC_MSG_RESULT(no)
  AX_POP
])

AC_PROG_CPP
AC_CHECK_PROGS(TEXINFO, texinfo tex, :)
AC_CHECK_PROGS(MAKEINFO, makeinfo, :)

CFLAGS="-Wall -Wstrict-prototypes -fomit-frame-pointer -fno-strength-reduce $CFLAGS"
dnl We separate compilation parameters in kernel and user part
AC_SUBST(KCPPFLAGS)     KCPPFLAGS="$CPPFLAGS"
AC_SUBST(KCFLAGS)       KCFLAGS="-O3 -funroll-loops $CFLAGS"
AC_SUBST(KDEFS)         KDEFS="-D__KERNEL__ -DMODULE $DEFS"
AC_SUBST(KLDFLAGS)      KLDFLAGS="-r -S"
dnl For user part. no-inline because egcs plays havoc with logs() in ciped
AC_SUBST(UCPPFLAGS)     UCPPFLAGS="$CPPFLAGS"
AC_SUBST(UCFLAGS)       UCFLAGS="-O3 -fno-inline-functions $CFLAGS"
AC_SUBST(UDEFS)         UDEFS="$DEFS"
AC_SUBST(ULDFLAGS)      ULDFLAGS="$LDFLAGS"
AC_SUBST(ULIBS)         ULIBS="$LIBS"

dnl  --- Find the Linux kernel, at least the headers ---

AC_MSG_CHECKING(for kernel include tree)
AC_SUBST(KSRC)
AC_ARG_WITH(linux,
[  --with-linux=PATH       Path to Linux source tree], KSRC=$withval)
AC_SUBST(KINC)
AC_ARG_WITH(linux-include,
[  --with-linux-include=PATH
                          Path to Linux include tree], KINC=$withval)
dnl use default only if nothing specified
if ! test "$KSRC$KINC" ; then
  KSRC=/usr/src/linux
fi
if test -z "$KINC" -o ! -d "$KINC" ; then
  if test -d "$KSRC" -a -f $KSRC/include/linux/autoconf.h ; then
    KINC=$KSRC/include
  fi
fi
if test -z "$KSRC" -o ! -d "$KSRC" ; then
  if test -f $KINC/include/linux/autoconf.h; then
    KINC=$KINC/include; dnl test for obvious mis-specification
  elif test -f $KINC/linux/autoconf.h; then
    KSRC=;
  fi
fi
if ! test -f $KINC/linux/version.h ; then
  AC_MSG_ERROR(no suitable configured kernel include tree found)
fi
dnl attempt to follow symlinks
if test -x /bin/pwd ; then
  test "$KSRC" && KSRC=`cd $KSRC; /bin/pwd`
  KINC=`cd $KINC; /bin/pwd`
fi
AC_MSG_RESULT($KINC)

AC_MSG_CHECKING(for architecture)
ARCH=`uname -m | sed -e 's/i.86/i386/;s/sun4u/sparc64/;s/arm.*/arm/;s/sa110/arm/'`
AC_MSG_RESULT($ARCH)

dnl  --- Get Linux kernel version and compile parameters ---

oldcppflags="$CPPFLAGS"
CPPFLAGS="-I$KINC $CPPFLAGS"

AC_SUBST(KVERS)
AC_MSG_CHECKING(for kernel version)
AX_MACRO_STR(UTS_RELEASE, linux/version.h)
KVERS=$ax_result
AC_MSG_RESULT($KVERS)
case "$KVERS" in
2.[[01234]].*) ;;
*) AC_MSG_ERROR(Unsupported kernel version)
esac
kcomp=
if test -f $KINC/linux/compile.h; then
  AX_MACRO_STR(LINUX_COMPILER, linux/compile.h)
  kcomp=$ax_result
fi
if test -z "$kcomp" ; then
  AC_MSG_WARN(could not find kernel compiler version)
else
  tcomp=`$CC -v 2>&1 | tail -1`
  if ! test "$kcomp" = "$tcomp" ; then
    AC_MSG_WARN(Compiler version mismatch - try using $kcomp)
  fi
fi

AC_MSG_CHECKING(for SMP)
smp=0
case "$KVERS" in
2.[[01]].*)
  AX_EGREP([^ *SMP *= *1], $KSRC/Makefile, smp=1)
  ;;
*)
  AC_EGREP_CPP(yes, [
	#include <linux/autoconf.h>
	#ifdef CONFIG_SMP
	 yes
	#endif
  ], smp=1)
  ;;
esac
test "$smp" = 1 && AC_DEFINE(__SMP__)
AX_MSG_RESULT_YN($smp)

AC_MSG_CHECKING(for versioned symbols)
mv=0
AC_EGREP_CPP(yes, [
	#include <linux/autoconf.h>
	#ifdef CONFIG_MODVERSIONS
	 yes
	#endif
], mv=1)
AX_MSG_RESULT_YN($mv)
test "$mv" = 1 && AC_DEFINE(MODVERSIONS)

dnl --- Configuration parameters ---

AC_SUBST(VERS)
AC_ARG_ENABLE(protocol,
[  --enable-protocol=n     Use protocol n (should remain at 3)],
VERS=$enableval, VERS=3)
test "$VERS" -lt 3 && AC_MSG_WARN(Protocols less than 3 are deprecated)
verl=`expr substr abcdef $VERS 1`
AC_SUBST(CRYPTO)
AC_ARG_ENABLE(idea,
[  --enable-idea           Use the IDEA cipher (default is Blowfish)],
CRYPTO=IDEA;crypt=i, CRYPTO=Blowfish;crypt=b)
AC_SUBST(MODULE)
MODULE=cip$verl$crypt.o
AC_SUBST(CIPED)
CIPED=ciped-$verl$crypt
AC_ARG_ENABLE(debug,
[  --disable-debug         Disable debugging code in kernel module],
test "$enableval" = "no" && e=0, e=1)
test "$e" = "1" && AC_DEFINE(DEBUG)
AC_ARG_ENABLE(dyndev,
[  --disable-dyndev        Disable dynamic device allocation],
test "$enableval" = "no" && e=0, e=1)
test "$e" = "0" && AC_DEFINE(NO_DYNDEV)
AC_ARG_ENABLE(logfacility,
[  --enable-logfacility=x  Set syslog facility for ciped], [
  f=`echo "$enableval" | sed 's,^log_,,i' | tr a-z A-Z`
  AC_DEFINE_UNQUOTED(LOGFAC, LOG_$f)
], AC_DEFINE(LOGFAC, LOG_DAEMON))
AC_DEFINE_UNQUOTED(ProtocolVersion, $VERS)
AC_DEFINE_UNQUOTED(VERSION, "$VERSION")
AC_ARG_ENABLE(bug-compatible,
[  --enable-bug-compatible Use old, broken interpretation of keys],
test "$enableval" = "no" || AC_DEFINE(BUG_COMPATIBLE))

dnl --- Determine assembler modules ---

AC_SUBST(ASMOBJS)
AC_SUBST(CCOBJS)
ASMOBJS=
CCOBJS=
AC_ARG_ENABLE(asm,
[  --disable-asm           Disable use of assembler code],
test "$enableval" = "no" && e=0, e=1)
AC_MSG_CHECKING(for assembler parts)
case "$CRYPTO" in
  Blowfish) AC_DEFINE(Crypto_Blowfish)
  if test $e -eq 1 -a -f $SRC/bf-$ARCH.S; then
    AC_DEFINE(ASM_BF_Crypt)
    ASMOBJS=bf-$ARCH.o
  fi
  CCOBJS=bf.o
  ;;
  IDEA) AC_DEFINE(Crypto_IDEA)
    if test $e -eq 1 -a -f $SRC/idea-$ARCH.S; then
    AC_DEFINE(ASM_Idea_Crypt)
    ASMOBJS=idea-$ARCH.o
  else
    CCOBJS=idea0.o
  fi ;;
esac
if test "$ASMOBJS" ; then AC_MSG_RESULT($ASMOBJS) ; else AC_MSG_RESULT(none) ; fi
dnl sort out which CRC modules to use
AC_SUBST(CRCOBJS)
AC_SUBST(CRC32OBJS)
case "$VERS" in
1|2) CRCOBJS=crc.o ; CRC32OBJS=crc32.o ;;
*)   CRCOBJS=crc32.o ; CRC32OBJS= ;;
esac

AC_CHECK_FUNCS(mlock mlockall)

CPPFLAGS="$oldcppflags"
dnl make sure the config includes come first
KCPPFLAGS="-I. -I../$SRC -I$KINC -include ./config.h $KCPPFLAGS"
UCPPFLAGS="-I. -I../$SRC -I$KINC -include ./config.h $UCPPFLAGS"

dnl optional name suffix
name=""
AC_ARG_ENABLE(name,
[  --enable-name=n         Set build directory name suffix],
name="-$enableval")

AC_SUBST(BUILD)
if test "$smp" = "1"; then
  BUILD=$KVERS-$ARCH-SMP-$verl$crypt$name
else
  BUILD=$KVERS-$ARCH-$verl$crypt$name
fi
AC_OUTPUT(Makefile:conf/Makefile-top.in $BUILD/Makefile:conf/Makefile-obj.in)
cipe-1.4.5/cipe.info
This is cipe.info, produced by makeinfo version 4.0 from cipe.texinfo.


File: cipe.info,  Node: Top,  Next: Introduction,  Prev: (dir),  Up: (dir)

CIPE
****

CIPE (the name is shortened from _Crypto IP Encapsulation_) is a
package for an encrypting IP tunnel device. This can be used to build
encrypting routers for VPN (Virtual Private Networks) and similar
applications.

    Copyright (C) 1996--2000 Olaf Titz. All rights reserved.

    This program including its documentation is free software; you can
    redistribute it and/or modify it under the terms of the GNU General
    Public License as published by the Free Software Foundation; either
    version 2 of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
    General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

    The author can be contacted through the electronic mail address
    <Olaf.Titz@inka.de>.

* Menu:

* Introduction::        About routing, VPNs and encryption.
* Installation::        Installing the CIPE software package.
* Configuration::       Configuration.
* Examples::            Examples of CIPE configurations.
* Protocol::            Description of the protocol used.
* Misc::                Odds and ends.
* Concept Index::       Index.

 --- The Detailed Node Listing ---

Introduction

* Network layers::      Where encryption takes place.
* Routing::             About IP routing and VPNs.
* How CIPE works::      The encapsulation method employed here.
* Components::          Which pieces of software CIPE consists of.
* Internals::           A look under the hood of CIPE.

Installing the CIPE software package

* Prerequisites::       What you need before installing.
* Advanced compiling::  Configuring the compile for different targets.
* Install::             Compiling and installing the software.
* Run::                 Running the software.

Running CIPE

* Program Names::       How the components of CIPE are named.
* insmod::              Loading the kernel module.
* ciped::               Running the daemon.

Configuration of the CIPE software

* Specifying options::  How CIPE gets its parameters.
* Parameter list::      All valid and needed parameters.
* Keys in older CIPE::  An incompatibility between Version 1.4 and earlier.
* SOCKS::               Routing with CIPE over a SOCKS5 relayer.
* Dynamic carrier::     How to deal with dynamic IP address assignment.
* Error handling::      How ciped deals with errors.

Usage examples

* Tips::                General useful tips on CIPE configuration.
* Example 1::           The classic VPN setups.
* Example 2::           A setup with dynamic addressing.

`$Id: cipe.texinfo,v 1.20 2000/08/21 11:29:56 olaf Exp $'


File: cipe.info,  Node: Introduction,  Next: Installation,  Prev: Top,  Up: Top

Introduction
************

* Menu:

* Network layers::      Where encryption takes place.
* Routing::             About IP routing and VPNs.
* How CIPE works::      The encapsulation method employed here.
* Components::          Which pieces of software CIPE consists of.
* Internals::           A look under the hood of CIPE.


File: cipe.info,  Node: Network layers,  Next: Routing,  Prev: Introduction,  Up: Introduction

Network layers and encryption
=============================

There are several different places where encryption can be built into
an existing network infrastructure, corresponding to the different
protocol layers:

  1. On the "network level": Packets travelling between hosts on the
     network are encrypted. The encryption engine is placed near the
     driver which sends and receives packets. An implementation is
     found in CIPE.

  2. On the "socket level": A logical connection between programs
     running on different hosts (TCP connection; transport or session
     layer in OSI) is encrypted. The encryption engine intercepts or
     proxies connections. SSH and SSL work this way.

  3. On the "application level": Applications contain their own
     encryption engine and encrypt data themselves. The best known
     example is PGP for encrypting mail.

Low-level encryption as implemented with CIPE has the advantage that it
can be made to work transparently, without any change to application
software. In the case of encrypting IP packets, it can be built into IP
routers, which usually act as "black boxes" that only route traffic
between hosts; the hosts themselves do not see at all how the routing
works. So an "encrypting router" looks exactly like a non-encrypting
one, without any difference seen by other hosts and applications. It
can thus be used in places where software changes at higher levels are
not feasible.

Low-level encryption has the disadvantage that it does not guard against
intruders on a higher level, e.g. Trojaned applications, bug exploits
in system software or rogue administrators "sniffing" on terminal
devices.


File: cipe.info,  Node: Routing,  Next: How CIPE works,  Prev: Network layers,  Up: Introduction

IP routing and Virtual Private Networks
=======================================

A "virtual private network" (VPN for short) is a network (1) belonging
to one organization, using its own address range, but overlaid on
existing network infrastructure.  "IP-in-IP tunneling" makes it
possible to build IP-based VPNs on top of other IP-based "carrier
networks", such as the Internet.  "Encrypted tunneling" guards against
passive (sniffing) and active (faked message injection) attacks on the
carrier network. The carrier network sees only encrypted data.

Depending on the choice of protocol, all information the original
packets carry can be encrypted. This includes not only the actual
(payload) data but also the TCP/IP headers, leaving no trace as to
which addresses and services are actually used. "Traffic analysis"
attacks, which attempt to gain useful information out of sniffing by
"who contacts whom", are thus made infeasible. An even more
sophisticated technique to thwart traffic analysis employs the
injection of dummy packets into the network which carry no useful
information at all but are (at the carrier level) indistinguishable
from real data packets.

IP routing in a VPN situation consists of the routing of the carrier
network, which in most situations is just a standard Internet setup,
and routing of the overlaid VPN. This is easiest when the address
ranges of carrier and VPN do not overlap in any way. It is common for
VPNs to use the 10.0.0.0/8 and 192.168.0.0/16 address ranges, which are
not part of the Internet and thus never conflict with actual
Internet routing: any address in this range must be local to the
organization using it. *Note Example 1::, for a typical example.

The IPSEC standards define a set of protocols which can be used (among
other things) to build encrypted VPNs. However, IPSEC is a rather
heavyweight and complicated protocol set with a lot of options;
implementations of the full protocol set are still rarely used and some
issues (such as key management) are still not fully resolved.  CIPE
uses a simpler approach, in which many things which can be
parameterized (such as the choice of the actual encryption algorithm
used) are an install-time fixed choice. This limits flexibility but
allows for a simple (and therefore efficient, easy to debug...)
implementation.

---------- Footnotes ----------

(1) As CIPE is an IP routing application, this manual talks only about
IP-based networks.


File: cipe.info,  Node: How CIPE works,  Next: Components,  Prev: Routing,  Up: Introduction

How CIPE works
==============

CIPE encapsulates encrypted IP datagrams in UDP datagrams and sends
them via the normal UDP mechanism.  This is different from standard
IPIP encapsulation. UDP was chosen because this way many different
endpoints can easily be distinguished by port numbers; because an IP
protocol number would warrant a formal registration; and because
handling of UDP datagrams is easier than using a separate IP protocol
number, especially in firewalled setups.  Specifically, UDP can be
handled by user-level applications such as a SOCKS5 relayer. *Note
SOCKS::.

A CIPE "link" always connects exactly two endpoints. In many ways, the
link works like a PPP dial-up link. At present, each link has its own
secret 128-bit key which has to be known by both ends (and nobody
else). This "link key" (called "static key" in the protocol
description) is used to negotiate a frequently changed "dynamic key",
which encrypts the actual data.

It is planned that future versions of CIPE will negotiate their keys
via a "public key" mechanism, similar to the SSH package. This would
remove the need for shared secret keys.


File: cipe.info,  Node: Components,  Next: Internals,  Prev: How CIPE works,  Up: Introduction

CIPE's software components
==========================

The CIPE package consists of a kernel module and a driver program.  The
kernel module does the IP packet handling: sending and receiving
packets, encapsulation including encryption. It implements a "network
device" which is mostly handled like any other network device.
Configuration and the whole key exchange process are done by the user
level program `ciped'. *Note Program Names::.

`ciped' looks and behaves much like `pppd'. In particular,
opening and closing a CIPE device is tied to starting and ending a
`ciped' process (one per device), the specification of options to the
daemon mimics `pppd''s setup and `ciped' invokes scripts on opening and
closing a device.


File: cipe.info,  Node: Internals,  Prev: Components,  Up: Introduction

Notes on internals
==================

(This section is only relevant to readers who want to understand the
source, not to the regular user.)

The module consists of an output driver, an input driver, the
encapsulation routines and some stuff to keep it all together. The
output driver is largely an adapted version of `new_tunnel' from the
Linux distribution. (1) In Linux 2.0 its actual packet sending is done
via the kernel IP forwarding engine. This implies that (a) forwarding
must be enabled in the kernel and (b) the encrypted packets, being UDP
packets with the source/dest addresses given as "me" and "peer", are
checked against the forwarding (as well as the output) firewall. (If it
doesn't work for you, first make sure that your firewall rules let the
packets pass!)

The input driver is an adaptation from the kernel UDP receiver. To
activate it, ciped has to set a socket into a special mode with an
`ioctl' call. This has to be a connected UDP socket. The
`ioctl_attach(2cipe)' call replaces the socket's `sendto(2)' and
`recvfrom(2)' operations with special versions that do decryption of
traffic internally and only pass key exchange blocks to the user layer.
The whole work of decrypting and rerouting incoming traffic is done
inside a blocking `recvfrom(2)'. This means that unlike normal IP
forwarding, it is called from user mode and the needed CPU time is
charged to the ciped process, although the data never passes into user
mode. `sendto(2)' encodes the block as a key exchange block and sends
it to the peer. The socket should not use `read(2)', `write(2)',
`select(2)' or nonblocking mode (yet).

Before attaching the socket, the operational parameters of the device
have to be set using an `ioctl_setpar(2cipe)' call. The key exchange
process supplies keys to the kernel via `ioctl_setkey(2cipe)'.

The netdevice can only be opened (configured "UP") if it has a
controlling socket. When the controlling socket is closed, the netdevice
gets closed. Conversely, closing the netdevice (with `ifconfig(8)')
closes the socket too. Closing deletes all information that is set by
ciped on the device.

---------- Footnotes ----------

(1) For Linux 2.2, this has been merged into the `ipip' module, but the
functionality is the same.


File: cipe.info,  Node: Installation,  Next: Configuration,  Prev: Introduction,  Up: Top

Installing the CIPE software package
************************************

The CIPE software package is available via
<http://sites.inka.de/~bigred/devel/cipe.html>. It is distributed in a
`tar.gz' file, currently about 102k in size. After unpacking the
distribution, run the `configure' script, possibly specifying options
there. Then run `make'.

* Menu:

* Prerequisites::       What you need before installing.
* Advanced compiling::  Configuring the compile for different targets.
* Install::             Compiling and installing the software.
* Run::                 Running the software.


File: cipe.info,  Node: Prerequisites,  Next: Advanced compiling,  Prev: Installation,  Up: Installation

Prerequisites
=============

CIPE runs under Linux 2.0.* since 2.0.12, 2.1.* since about 2.1.103,
2.2.* and 2.3.* since 2.3.48.  It was developed for the i386
architecture; other architectures _should_ work.

Make sure you have the source, or at least the complete include tree,
of the running kernel installed (usually in `/usr/src/linux'). The
version _and configuration_ of the kernel sources must match the kernel
on which it will run exactly, or else you risk building a module which
crashes.  You also have to use the same compiler version as the one
with which the kernel was compiled.  After reconfiguring and rebuilding
the kernel, don't forget to rebuild the CIPE module too. (This applies
to all externally compiled modules.) Enabling "versioned symbols" on
the kernel is strongly recommended, because it protects against version
skew between kernel and modules.

The kernel needs "IP Forwarding/Gatewaying" enabled in the configuration
for 2.0 kernels. Make sure to enable IP forwarding with
     echo 1 > /proc/sys/net/ipv4/ip_forward
on system boot with 2.2 and recent 2.0 kernels. CIPE also needs the
`urandom' device to be available.

A suitable version of the module utilities (`modprobe' and friends) needs
to be installed. When in doubt, consult the documentation in the kernel
source.

As of version 1.3, CIPE uses an autoconf-generated configure script to
configure its Makefiles. This script takes the following parameters on
the command line. All of the parameters have defaults which should
suffice for a simple installation.
`--with-linux=dir'
     Path to the Linux source tree (e.g., `/usr/src/linux').

`--with-linux-include=dir'
     Path to the Linux include tree, if you don't have the complete
     source.

`--enable-protocol=n'
     Use encapsulation protocol `n'. Currently the only supported value
     is 3.

`--enable-idea'
     Use the IDEA cipher (default is Blowfish).

`--disable-debug'
     Disable debugging code in kernel module. Not really useful.

`--disable-dyndev'
     Disable dynamic device allocation. Not really useful.

`--enable-logfacility=x'
     Set syslog facility for ciped (default is LOG_DAEMON).

`--disable-asm'
     Disable use of assembler code. Not really useful.

`--enable-name=n'
     Set a name suffix for the compilation directory.

`--enable-bug-compatible'
     Use old, broken interpretation of keys. *Note Keys in older CIPE::.

The script then looks for certain parameters (like whether compiling for
an SMP system) in the kernel headers, and it creates a new directory
named like `2.2.6-i386-cb' in which compilation will take place.  (This
would be for Linux 2.2.6 on i386, protocol 3 [the "c"], Blowfish [the
"b"].)


File: cipe.info,  Node: Advanced compiling,  Next: Install,  Prev: Prerequisites,  Up: Installation

Advanced compiling
==================

The use of a separate object directory means it is possible to compile
CIPE for separate targets in the same directory. An example would be a
machine running different kernels for testing, etc. In that case you
would have kernel directories like `/usr/src/linux-2.0.36',
`/usr/src/linux-2.2.6', and so on. Running `configure
--with-linux=/usr/src/linux-2.0.36' and after that `configure
--with-linux=/usr/src/linux-2.2.6' leaves two directories
`2.0.36-i386-cb' and `2.2.6-i386-cb'. You can run `make' _in each of
the object directories_ separately.

Another common case is a setup where one central box compiles kernels
for different machines. You can rename CIPE's compilation directories
with the `--enable-name' option, perhaps naming them after the target
machine:
     ./configure --with-linux=/usr/src/linux-2.2.6-bigbox \
                 --enable-name=bigbox
     make -C 2.2.6-i386-cb-bigbox
     ./configure --with-linux=/usr/src/linux-2.2.6-satellite \
                 --enable-name=satellite
     make -C 2.2.6-i386-cb-satellite
     ./configure --with-linux=/mounts/srv1/linux-2.2.5-small \
                 --enable-name=laptop
     make -C 2.2.5-i386-cb-laptop

In the same way distribution maintainers could prepare a set of
differently configured CIPE modules (IDEA vs. Blowfish) for one target.
The names of the module and driver are chosen so that different
configurations can coexist on one target. *Note Program Names::.

Note that real cross-compilation is not possible for now, because the
configure script always assumes the CPU architecture of the system where
it runs.


File: cipe.info,  Node: Install,  Next: Run,  Prev: Advanced compiling,  Up: Installation

Installation
============

A simple `make' command compiles everything. Compiler warnings should
not occur (1). Do `make install' as _root_ to install the software
components in their final location.  These are a kernel module, named
according to the protocol version and encryption algorithm selected,
and the driver program, which is (as of CIPE 1.3) also named after the
protocol version and encryption algorithm. *Note Program Names::. The
Makefiles accept the semi-standard options `BINDIR, MODDIR, INFODIR' to
specify where the stuff gets installed.

You need to create a directory `/etc/cipe' which contains at least two
files, `options' and `ip-up'. You can copy the files from the `samples'
directory in the distribution here, and edit them to suit your needs.
*Note Configuration::.

If compiling doesn't work:

There is a known problem in that the various 2.0.30 and 2.0.31
pre-releases disagree on whether they have a certain feature
(`SO_BINDTODEVICE'), and detecting this version dependency via the
version number is not foolproof. Apparently, since 2.0.32, this problem
is resolved. If `output.c' doesn't compile under 2.0.*, change the line
     #ifdef SO_BINDTODEVICE
to `#if 1' or `#if 0' as needed.

A similar problem exists in the 2.3.99 pre-releases, where the `name'
part of the `net_device' structure has changed. If an error occurs
during compilation of `device.c' under 2.3.99pre-n, change the
conditional definition of `HAVE_DEVNAME_ARRAY' in `cipe.h' to `#if 1'
or `#if 0' as needed.

---------- Footnotes ----------

(1) except perhaps in debug `printk' statements, depending on the
kernel version


File: cipe.info,  Node: Run,  Prev: Install,  Up: Installation

Running CIPE
============

Once installed, the CIPE software is run by loading the module and
running the `ciped' daemon.

* Menu:

* Program Names::       How the components of CIPE are named.
* insmod::              Loading the kernel module.
* ciped::               Running the daemon.


File: cipe.info,  Node: Program Names,  Next: insmod,  Prev: Run,  Up: Run

Program Names
-------------

The module name is `cip' followed by the protocol version as a letter
and the first letter of the encryption algorithm. E.g.  `cipcb' for
version 3 (i.e. "c"), Blowfish (the default). The device names which
this module manages are the module name followed by a number, e.g.
`cipcb0'.

Since CIPE 1.3, the daemon program is named `ciped-' followed by the
protocol and encryption letters, likewise. E.g. `ciped-cb'.  Where this
manual refers to `ciped', assume the real name as given here.

The configuration parameters of kernel module and daemon must match (the
module checks this), but the daemon does not depend (at least not in
theory) on the kernel version. The naming scheme is chosen so that all
possible modules and daemons on one machine can coexist.


File: cipe.info,  Node: insmod,  Next: ciped,  Prev: Program Names,  Up: Run

Loading the module
------------------

The kernel module is loaded into the kernel via the command
     modprobe modulename parameter=value...

The CIPE module accepts the following additional parameters:
`cipe_debug=(number)'
     Set the debugging level. The file `cipe.h' defines different
     debugging levels which are ORed. Set this to 0 if you don't need
     debugging output. Debugging output is emitted via kernel messages,
     which means it usually winds up in the syslog somewhere.

`cipe_maxdev=(number)'
     Set the number of channels this module manages. E.g. with
     `cipe_maxdev=4' the devices `cip3b0' through `cip3b3' are
     available. Maximum is 99. Since CIPE 1.2, there is no need to set
     this, since channels are allocated dynamically.

The module can be autoloaded via `kerneld'/`kmod'. Advanced users will
recognize the following options in `/etc/conf.modules' necessary to
make it work correctly:
     alias cipcb0 cipcb
     options cipcb cipe_debug=0
Note: with dynamic device allocation, aliasing any device other than
`cipcb0' is pointless, and autoloading only works when the requesting
application is `ciped' (not `ifconfig' etc.). This is a limitation
inherent in dynamic device allocation.


File: cipe.info,  Node: ciped,  Prev: insmod,  Up: Run

Running the `ciped' daemon
--------------------------

The `ciped' daemon must be run as _root_. (*Do not* make it setuid.) It
takes as command line arguments an optional `-o file' parameter
specifying an options file followed by any number of individual option
arguments. *Note Specifying options::.

Except in debugging mode, the daemon puts itself in the background and
uses `syslog(3)' for logging messages. Normal operation causes no log
messages except for errors and a notice when the daemon terminates.

Shutting down (with `ifconfig(8)') a CIPE device terminates its `ciped'
process and, vice versa, terminating a `ciped' closes the device. When a
device is closed, its configuration parameters including all keys and
statistics are erased. (This is different from earlier CIPE versions!)
`ciped' does not keep any keys in memory.

When the device comes up, `ciped' spawns `/etc/cipe/ip-up' with the
parameters described in the sample version. It waits for completion of
this script before data can be sent over the device and before it goes
into the background. The script is called with standard input, output
and error to `/dev/null'. It typically sets routes and does some
logging. Since CIPE 1.4, the script is called with all options (except
key) in environment variables named after the option.

Likewise, when a CIPE device goes down, `/etc/cipe/ip-down' is invoked.
`ciped' itself logs the interface statistics when closing.

`ciped' will terminate when an error occurs. This includes a
"connection refused" message from the peer, to be able to detect
non-working peers. This default error handling implies that no data may
be sent over a link unless _both_ ends are up and running, or the first
one to come up will go down again immediately. In particular, the
"ping" command in the sample `ip-up' should not be activated on both
ends of a link. This behaviour can be customized. *Note Error
handling::, for more details.


File: cipe.info,  Node: Configuration,  Next: Examples,  Prev: Installation,  Up: Top

Configuration of the CIPE software
**********************************

* Menu:

* Specifying options::  How CIPE gets its parameters.
* Parameter list::      All valid and needed parameters.
* Keys in older CIPE::  An incompatibility between Version 1.4 and earlier.
* SOCKS::               Routing with CIPE over a SOCKS5 relayer.
* Dynamic carrier::     How to deal with dynamic IP address assignment.
* Error handling::      How ciped deals with errors.


File: cipe.info,  Node: Specifying options,  Next: Parameter list,  Prev: Configuration,  Up: Configuration

Specifying options
==================

All configuration parameters are processed by the `ciped' daemon.  It
takes parameters from
  1. the default options file (`/etc/cipe/options'),

  2. an options file specified as `-o file' on the command line,

  3. single options given on the command line,

in that order. This means that parameters on the command line override
those from files, and parameters from an explicit options file override
those from the default options file.

Each option has one of the following types: boolean, integer, string,
IP address, IP address with port number. Booleans default to false;
specifying one as an option makes it true. IP addresses are given in
dot-quad notation or as domain names which can be resolved using
`gethostbyname(3)'. UDP or TCP addresses are given as `ip:port', where
the port is a number or a name resolvable by `getservbyname(3)'.

The syntax for specifying options is `name=value' on the command line,
and `name value' (one option per line, no continuations, escapes,
quoting etc.) in the options file.

For security reasons, options files must be given as absolute paths.
They and all their parent directories must be owned by root and not
writable by group or other, and the options file itself must not even
be readable by group or other (because it may contain keys).


File: cipe.info,  Node: Parameter list,  Next: Keys in older CIPE,  Prev: Specifying options,  Up: Configuration

List of all parameters
======================

(Req=Required parameter)

Name       Type      Req     Description
`device'   String    no      Name of the CIPE device. If not given, the
                             system picks a free one.
`debug'    Bool              Don't go into the background, use stderr
                             instead of syslog. (Independent of the
                             kernel driver debug option.)
`ipaddr'   IP        yes     IP address of the CIPE device.
`ptpaddr'  IP        yes     IP address of the peer device (i.e. the CIPE
                             device on the other end).
`mtu'      Int       no      Device MTU (default: ethernet standard MTU
                             minus all necessary headers)
`metric'   Int       no      Device metric (not sure if this is used
                             anywhere...)
`cttl'     Int       no      Carrier TTL value. If not specified or 0, use
                             the payload packet's TTL. Default
                             recommendation is 64.
`me'       UDP       no      Our carrier UDP address. If either IP or port
                             is not given, the system picks one and
                             reports it via `ip-up'.
`peer'     UDP       yes     The other end's carrier UDP address.
`key'      String    (yes)   The link key. For security reasons, the key
                             has to be set via an options file, subject
                             to the restrictions described above. The key
                             should be 128 bits in hexadecimal encoding.
                             (To generate such a beast from random, try
                             `ps -auxw | md5sum'.)
`nokey'    Bool              Don't encrypt at all, just encapsulate in
                             UDP. Only with this option, `key' is not
                             needed.
`socks'    TCP       no      Address (port required!) of the SOCKS5
                             server. *Note SOCKS::.
`tokxc'    Int       no      Timeout (seconds) for key exchange. Default:
                             10.
`tokey'    Int       no      Dynamic key lifetime. Default: 600 (10
                             minutes).
`ipup'     String    no      Script to run instead of `/etc/cipe/ip-up'.
`ipdown'   String    no      Script to run instead of `/etc/cipe/ip-down'.
`arg'      String    no      Argument to supply to `ip-up', `ip-down'.
`maxerr'   Int       no      Maximum number of errors before ciped exits.
                             *Note Error handling::.
`tokxts'   Int       no      Key exchange timestamp timeout. Default: 0
                             (no timestamps). Set this to 30 to prevent
                             key exchange replay attacks, but only if the
                             peer runs CIPE 1.2 or later and both system
                             clocks are reasonably synchronized.
`ping'     Int       no      Frequency (in seconds) for keep-alive pings.
                             Default is not to send any pings. The "ping"
                             used here is internal to CIPE, not ICMP ping.
`toping'   Int       no      Timeout for pings. If no answer is received
                             on a keep-alive ping in this time, it counts
                             as an error. *Note Error handling::.
                             Default is no check for answers.
`dynip'    Bool              Assume the carrier is on a dynamic IP
                             address. *Note Dynamic carrier::.


File: cipe.info,  Node: Keys in older CIPE,  Next: SOCKS,  Prev: Parameter list,  Up: Configuration

Incompatibility of keys to older CIPE versions
==============================================

Versions of CIPE before 1.4.0 have a bug in the way the `key' option is
interpreted. It is supposed to be a 128-bit hexadecimal number.
However, earlier versions interpret the digits `a' through `f' as equal
to `1' through `6'. This reduces the effective key space from 16^32 (32
hex digits) to 10^32 (32 decimal digits), or 109 bits